Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Ed_26015's avatar
Ed_26015
Icon for Nimbostratus rankNimbostratus
15 years ago

Source routing with iRules

Hi all,     I hope you can help.     I have two interfaces on the F5 that connect back to a Cisco PIX again on different interfaces.     Topology is 10.130.4.1 & 10.130.32.1 for the ...
application delivery
dev
devops
irules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
15 years ago
Hi Ed,

For performance and ease of management, you could combine all of the addresses/subnets that have a common destination IP into an address datagroup and then use matchclass (9.x) or class match (10.x) to look up the client IP. To check whether a match is being made, you could add logging to the iRule: 


when CLIENT_ACCEPTED {
   log local0. "[IP::client_addr]:[TCP::client_port]: destination [IP::local_addr]:[TCP::local_port]"

    Check if client IP is in the my_subnets_class datagroup
   if {[class match [IP::client_addr] equals my_subnets_class]}{
      log local0. "[IP::client_addr]:[TCP::client_port]: Matched my_subnets_class, using 10.130.32.1"
      node 10.130.32.1
   } else {
      node 10.130.4.1
      log local0. "[IP::client_addr]:[TCP::client_port]: Matched my_subnets_class, using 10.130.32.1"
   }
}

If you're testing with ICMP, make sure your virtual server type is defined as all protocols.

Aaron